Skip to main content

Mondoo 7.18 is out!

ยท 3 min read

๐Ÿฅณ Mondoo 7.18 is out! This release includes updated GCP resources, expanded EOL detection, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐Ÿงน IMPROVEMENTSโ€‹

GCP resource updatesโ€‹

We've continued to expand the data you can query using MQL in your GCP projects to make asset inventory and security easier:

  • Add new gcp.project.compute.addresses resource

    gcp.project.compute.addresses[0]: {
    ipv6EndpointType: ""
    created: 2022-12-15 12:45:25.62 -0800 -0800
    address: "10.10.0.2"
    network: data is not a map to auto-expand
    networkTier: "PREMIUM"
    id: "2700460578865297802"
    userUrls: [
    0: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1/forwardingRules/gke-mondoo-gke-cluster-2-c255f8bc-73b71c8f-pe"
    ]
    ipVersion: ""
    name: "gke-mondoo-gke-cluster-2-c255f8bc-73b71c8f-pe"
    status: "IN_USE"
    subnetworkUrl: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1/subnetworks/mondoo-gke-cluster-2-subnet"
    prefixLength: 0
    networkUrl: ""
    regionUrl: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1"
    addressType: "INTERNAL"
    purpose: "GCE_ENDPOINT"
    description: ""
    subnetwork: gcp.project.computeService.subnetwork name="mondoo-gke-cluster-2-subnet"
    }
  • Add new gcp.project.compute.forwardingRules resource

    gcp.project.compute.forwardingRules: [
    0: {
    description: ""
    ipProtocol: "TCP"
    serviceDirectoryRegistrations: []
    id: "1374403102344"
    labels: {}
    name: "front-lb-1-test"
    serviceName: ""
    network: gcp.project.computeService.network name="test-vpc-3"
    networkUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/global/networks/test-vpc-3"
    allPorts: false
    targetUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/regions/us-central1/targetHttpProxies/lb-1-test-target-proxy"
    ipAddress: "35.209.226.183"
    allowGlobalAccess: false
    networkTier: "STANDARD"
    backendService: ""
    isMirroringCollector: false
    subnetwork: data is not a map to auto-expand
    noAutomateDnsZone: false
    serviceLabel: ""
    ports: []
    loadBalancingScheme: "EXTERNAL_MANAGED"
    ipVersion: ""
    created: 2023-01-19 10:56:30.873 -0800 -0800
    metadataFilters: []
    regionUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/regions/us-central1"
    portRange: "80-80"
    subnetworkUrl: ""
    }
    ]
  • gcp.project.dataproc.clusters data is now only gathered if if the DataProc Cloud service is enabled in the project.

  • Improve reliability of parsing GCP alert policies conditions.

New and improved EOL detectionโ€‹

We've improved support for detecting end of life (EOL) platforms with new and updates EOL detection support:

  • Added EOL detection support for FreeBSD.
  • Added EOL detection support for Linux Mint.
  • Added EOL date for Alpine 3.17.
  • Added EOL date for Fedora 36 and 37.
  • Updated Debian EOL dates to use the end of LTS dates.
  • Updated Photon 2.0 EOL date for the revised date of Dec 31, 2022.
  • Updated Amazon 2022 EOL date for the revised date of Nov 1, 2027.

Support storing Okta token in OKTA_CLIENT_TOKEN env varโ€‹

If you don't want to pass your Okta token on the CLI with the --token flag, cnquery and cnspec now support fetching the token from the OKTA_CLIENT_TOKEN env var in your shell.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve consistency of the icons in each integrations page and ensure they are all using the latest vendor logos.
  • Allow opening assets in the fleet view in new windows.
  • Don't show advisories with 0 impacted assets on the space overview page if there are no advisories for any assets in the space.